CVE-2015-4330

CWE-78 — OS Command Injection4 documents4 sources

Severity

6.9MEDIUM

EPSS

0.2%

top 57.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Telepresence Video Communication Server Software

Timeline

PublishedSep 2

Latest updateMay 17

Description

A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/telepresence_video_communicationx8.5.2

🔴Vulnerability Details

GHSA

GHSA-2whq-wq68-cc6m: A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8↗2022-05-17

▶

CVEList

CVE-2015-4330: A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8↗2015-09-02

▶

📋Vendor Advisories

Cisco

Cisco TelePresence Video Communication Server Expressway Command Injection Vulnerability↗2015-09-01

▶